Adding Salt to AutoYaST

Transcript

1. Imobach González Sosa YaST Developer [email protected] Adding Salt to AutoYaST

   Integrating AutoYaST and Configuration Managment Systems

2. AutoYaST

3. What is AutoYaST? • Tool to perform unattended installation/upgrade of

   openSUSE/SUSE systems • Allow configuration of already installed systems • Partitioning, network configuration, software installation… • ... and configuration of additional services

4. AutoYaST Profiles <profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns"> <partitioning config:type="list"> <!-- Partitioning schema

   --> </partitioning> <software> <!-- Software selection --> </software> <networking> <!-- Network configuration --> </networking> <scripts> <!-- Scripts to be executed pre/during/after installation--> </scripts> </profile>

5. A minimal profile <profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns"> <users config:type="list"> <user> <encrypted

   config:type="boolean">false</encrypted> <fullname>root</fullname> <gid>0</gid> <home>/root</home> <shell>/bin/bash</shell> <user_password>nots3cr3t</user_password> <username>root</username> </user> </users> </profile>

6. Writing a profile • From scratch • Clone an installed

   system (and tune it if needed) – AutoYaST UI – Command line

7. Limitations • Limited to YaST modules • Installation not always

   100% reproducible • Only applies to openSUSE/SUSE distributions

8. Configuration Management Software

9. At a glance • Enable administrators to configure systems and

   track changes • Usually the administrator describes how the system should look like • Automated and reproducible • Many options with a wide range of features

10. Salt • Configuration management and remote execution engine • Event-driven

    • Pretty flexible architecture • Superb documentation • Library of reusable components

11. Salt jargon • Roles: master and minions • State: system

    configuration description • Pillar: data to be used in states • Formula: reusable and pre-written Salt states • Grains: data associated to Minions

12. Example State apache: pkg.installed: [] service.running: - watch: - pkg:

    apache - file: /etc/httpd/conf/httpd.conf - user: apache /etc/httpd/conf/httpd.conf: file.managed: - source: salt://apache/httpd.conf - user: root - group: root - mode: 644

13. AutoYaST + Salt

14. The best of both worlds • AutoYaST does the initial

    installation: partitioning, network configuration, software installation, etc. • Salt performs additional configuration: more software installation, services configuration, etc.

15. Example 1: master based • Keys are pre-accepted by the

    Salt Master • Multiple keys can be stored at the same place <configuration_management> <type>salt</type> <master>salt.my-network.lan</master> <keys_url>http://my-network.lan/salt/keys</keys_url> <!-- <keys_url>usb:/</keys_url> --> </configuration_management>

16. See in it action! https://youtu.be/BOnhUtj-mFA

17. Example 2: master based • Minion needs to be accepted

    on the Salt master • System administrator intervention is needed <configuration_management> <type>salt</type> <!-- puppet support is experimental --> <master>salt.my-network.lan</master> <auth_attempts config:type="integer">3</auth_attempts> <auth_time_out config:type="integer">50</auth_time_out> </configuration_management>

18. Example 3: masterless mode • Salt server is not required

    • The module will retrieve states/formulas and pillars <configuration_management> <type>salt</type> <states_url>http://my-network.lan/salt/redis.tar.gz</states_url> <pillar_url>http://my-network.lan/salt/redis-conf.tar.gz</pillar_url> </configuration_management>

19. Experimental features

20. Puppet support <!-- Masterless mode --> <configuration_management> <type>puppet</type> <modules_url>http://my-network.lan/puppet/webserver.tgz</modules_url> </configuration_management>

    <!-- Master based mode --> <configuration_management> <type>puppet</type> <master>puppet.my-network.lan</master> <keys_url>http://my-network.lan/salt/keys</keys_url> </configuration_management>

21. SUSE Manager Parametrizable Salt Formulas • Mechanism to describe Pillars

    data • Enable developers to build a UI to expose them timezone: name: "Atlantic/Canary" utc: true

22. SUSE Manager Parametrizable Salt Formulas timezone: $type: hidden-group name: $type:

    select $values: ["UTC", "Atlantic/Canary", "Europe/Berlin", "US/Mountain"] $default: Europe/Berlin utc: $type: boolean $default: True

23. SUSE Manager Parametrizable Salt Formulas

24. See in it action! https://youtu.be/3pBUaWGeomo

25. Future

26. Some wild ideas • Improve UI integration within the installer

    • AutoYaST UI • Cloning support • Puppet Hiera • Git

27. Thanks!

28. Thanks! • My beloved YaST team for taking care of

    this module • Duncan Mac-Vicar for his contribution and help • Hannes Kühnemund for creating the feature request • The openSUSE Project!

29. References • YaST2 Configuration Management module https://github.com/yast/yast-configuration-management • AutoYaST documentation

    for openSUSE http://doc.opensuse.org/projects/autoyast/ • SaltStack homepage https://saltstack.com/ • Puppet Labs homepage https://puppetlabs.com/ • “Forms are the Formula for Success” by Joachim Werner https://www.suse.com/communities/blog/forms-formula-success/ • YaST2 integration with Salt (Hack Week proof of concept demostration) https://www.youtube.com/watch?v=2em_R84XVYg
30. None

31. Questions?

32. Join Us at www.opensuse.org

33. License This slide deck is licensed under the Creative Commons

    Attribution-ShareAlike 4.0 International license. It can be shared and adapted for any purpose (even commercially) as long as Attribution is given and any derivative work is distributed under the same license. Details can be found at https://creativecommons.org/licenses/by-sa/4.0/ General Disclaimer This document is not to be construed as a promise by any participating organisation to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. openSUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for openSUSE products remains at the sole discretion of openSUSE. Further, openSUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All openSUSE marks referenced in this presentation are trademarks or registered trademarks of SUSE LLC, in the United States and other countries. All third-party trademarks are the property of their respective owners. Credits Template Richard Brown [email protected] Design & Inspiration openSUSE Design Team http://opensuse.github.io/branding- guidelines/